CVE-2020-11420 Information

Description

UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker with Admin or Engineer login credentials could exploit the vulnerability by manipulating variables that reference files and by doing this achieve access to files and directories outside the web root folder. An attacker may access arbitrary files and directories stored in the file system but integrity of the files are not jeopardized as attacker have read access rights only.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://library.e.abb.com/public/ee46f3ff5823400f991ebd9bd43a297e/2CMT2020-00591320Security20Advisory20CS141.pdf https://www.generex.de/index.php?option=com_content&task=view&id=185&Itemid=249

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5